-----Original Message----- From: John Rudd [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 30, 2007 1:20 AM To: David B Funk Cc: users@spamassassin.apache.org Subject: Re: Poor man's high MX spam Trap
David B Funk wrote: > On Mon, 29 Jan 2007, John Rudd wrote: > >> It doesn't have to be firewalled. It just has to be non-answering on >> port 25. It's called "nolisting". >> >> I've thought about doing something similar. Nolisting only says: >> >> MX 1 non-answering.host >> MX 10 real.host >> >> But adding the non-answering host to the end seems like a good idea >> to me (for all of the spammers that try to attack the secondaries). >> >> There IS a risk of losing mail. But only if the sender is a non-RFC >> compliant MTA. Which, in theory, might be legit.. but I bet in >> practice, for this particular RFC issue, it's a near zero level of risk. > > > Um, given that the RFCs (2821, etc) say that the MXs should be tried > in order with the most preferred (lowest numeric value) first, > wouldn't that scheme result in delays on all messages (as well as lost > mail from servers that only try the "best" MX)? Small delays. They should try all of your MX hosts, in decreasing priority order (increasing MX value order) until they get a success. That's also in the RFC. So: a) the hosts that don't try the 2nd MX, aren't RFC complaint. b) the delay should only be as much as it takes to timeout on the connection to the highest priority, lowest MX number, non-answering, MX host. Plus maybe one queue retry (depending on whether it tries the 2nd MX right away or after a queue retry interval). > Why make your "best" MX be the non-answering.host? Because, according to the nolisting proponents (which I am not, I am just experimenting and exploring the concept), the vast majority of the hosts that don't do (a), above, are spam/virus sources. And, they say, the hosts that don't do (a), but are legitimate, are so vanishingly small as to not be worth worrying about. ------------- OK I caught this at the end and I'm seeing 2 potential tools to reduce spam. 1. is the non-answering host as the primary. Correct me if I'm wrong but the delay would be almost non-exsistant because the time it takes for the connection to timeout is almost non-existant and would be better then greylisting which can cause huge delays based on sending servers not being correctly configured. 2. I see the tarpit of creating a high ranking MX which would capture information of spammers that would be dropped into a reject list. Does this fairly describe what we are talking about here? Ralf, or Wietse what do you think of these 2 techniques? I basically dropped greylisting last week because of the headaches it was causing with multiple sending smtp servers, and I have seen a huge increase in spam, method one here sounds like a great replacement.
